Senior IT Security Analyst

BH Solutions Group, Inc., Executive Recruiting Cleveland, OH 44101

Posted 1 week ago

Cleveland, OH

BH Solutions Group, Inc., an executive recruiting and consulting firm located in Akron, OH, is currently assisting a Cleveland-based manufacturing company with its search for a Senior IT Security Analyst focused on endpoint security.

The Senior IT Security Analyst performs two core functions for the enterprise. The first is the day-to-day operation of the in-place endpoint security solutions, while the second is the identification, investigation and resolution of security concerns detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and/or maintenance of policies, standards, guidelines, and procedures, as well as conducting vulnerability assessments. The Senior IT Security Analyst is expected to be fully aware of the enterprise's security goals as established by policies, procedures and guidelines and to actively work towards upholding those goals.

Responsibilities for the Senior IT Security Analyst

  • Participate in the planning and design of enterprise endpoint security architecture, under the direction of the IT Security Manager, where appropriate.
  • Participate in the creation and maintenance of enterprise security documents (policies, standards, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
  • Develop and communicate policies, procedures, and plans to executive team, staff, partners, customers, and stakeholders regarding technology and industry-specific laws.
  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors regarding Endpoint platforms (including Windows 10, macOS, and iOS devices).
  • Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Perform the deployment, integration and initial configuration of new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures in general and the enterprise's security documents specifically.
  • Maintain up-to-date security baselines for the secure configuration and operation of security tools and endpoint devices in use within the organization, with a primary focus on Windows 10, macOS, and iOS.
  • Maintain operational configurations of all in-place security solutions as per the established baselines.
  • Monitor all in-place security solutions for efficient and appropriate operations.
  • Assist with the implementation, support, and maintenance of endpoint security solutions, including antivirus, Endpoint Detection and Response (EDR), host-based firewalls, and other endpoint systems.
  • Review logs and reports of in-place systems, with a focus on systems maintained by Information Security and endpoint systems that are maintained outside of Information Security. Interpret the implications of that activity and devise plans for appropriate resolution.
  • Participate in investigations into problematic activity, with a focus on endpoint systems.
  • Participate in the design and execution of vulnerability assessments and security audits of endpoint systems.
  • Provide on-call support for in-place security solutions.
  • Collaborate with IT, security, human resources, and legal to ensure full legal compliance of company policies, procedures, forms, notices, and materials.
  • Maintain a strong awareness of legislative changes or amendments in order to ensure ongoing and future compliance.
  • Advocate the company's compliance policies via regular written and in-person communications.
  • Ensure that information security measures and equipment adhere to all applicable laws and regulations.
  • Participate in investigations and resolve or identify solutions to address security concerns.
  • Assist in development and implementation of technical security policies, with a focus on endpoint devices.
  • Assist with the development of new security tools and standards, including both hardware and software.
  • Assist in the analysis of security, OS, and application logs and alerts to assess, prioritize and differentiate between potential security incidents and normal behavior.
  • Assist with other projects as may be required to contribute to efficiency and effectiveness of the work that helps the team succeed.
  • Participate in hiring activities and fulfilling affirmative action obligations and ensuring compliance with the equal employee opportunity policy.

Requirements for the Senior IT Security Analyst

  • Bachelor's degree or foreign equivalent in IT related field or equivalent experience.
  • Preferred CISSP, GIAC, or CompTIA Security+ certifications.
  • 5+ years IT experience.
  • 5+ years of Windows 7/10 workstation technologies and associated management systems such as Active Directory, Group Policy, Ivanti, SCCM, or Intune.
  • 1+ year PowerShell scripting experience preferred.
  • Experience with the configuration of Windows, macOS, or iOS devices.
  • Familiarity with industry standard security benchmarks (e.g. CIS or NIST) for endpoint devices preferred.
  • Proven experience in planning, organizing, and developing IT security technologies.
  • Experience identifying and implementing secure solutions to complex business problems.
  • Understanding of common threats, penetration/intrusion techniques and attack vectors.
  • Understanding of various endpoint and server operating systems (including Windows Server 2012 & 2016, Windows 7 & 10, macOS, iOS, UNIX, Linux, etc.).
  • Experience supporting endpoint security solutions, such as McAfee, Symantec, CrowdStrike, etc.
  • Experience with Windows virtualization-based security capabilities, such as Device Guard, Credential Guard, or Application Guard.
  • Experience evaluating cybersecurity threats and vulnerabilities.
  • Experience utilizing cybersecurity industry standards such as CIS or NIST to develop secure standards for Windows, macOS, iOS, and/or Office 365.
  • Understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP and/or other standards.
  • Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Qualys, Nessus, or Metasploit.
  • Experience with virtualization and containerization platforms such as VMware, VirtualBox, Hyper-V, Docker, and/or Rancher.
  • Experience utilizing SIEM solutions (Splunk, QRadar, ArcSight, LogRhythm, etc.) to search system logs for troubleshooting or security investigation purposes.
  • Experience with Microsoft Azure or Office 365.
  • Strong analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Strong written, oral, and interpersonal communication skills.
  • Ability to conduct research into IT security issues and products as required.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Team-oriented and skilled in working within a collaborative environment.
  • 10% travel as required.
  • Work outside the standard office 7.5 hour workday as required with on-call availability.

This position may sit in the Cleveland or Minneapolis office.

Must be legally authorized to work in country of employment without sponsorship for employment visa status now or in the future.
